Closed skuzzle closed 4 years ago
Seems like it's not that easy because the OAuth flow needs more information than just the token for managing renewal and stuff. (see also: https://stackoverflow.com/questions/60772607/spring-boot2-stateless-server-side-oauth-authentication)
To allow scaling, it's therefore necessary to store the session state in a distributed cache, so that all instances have the same view on the active sessions.
This is now achieved using Redis:
Currently we use simple server-side sessions, though we do not actually need session state. Instead we should just communicate the OAuth token between browser and client's backend to achieve full statelessness.